SNMP Flaw Affects Several Online Devices

A severe security flaw in the implementation of the SNMP (Simple Network Management) Protocol allows an attacker to take over at least 78 cable modem models.

SNMP is used for automated network device identification, monitoring and remote configuration. It is supported and enabled by default in many devices, including servers, printers, networking hubs, switches and routers.

The problem, dubbed StringBleed and tracked as CVE 2017-5135, was reported by the security researchers Ezequiel Fernandez and Bertin Bervis.

The SNMP protocol supports three methods for client authentication and to authenticate requests on remote SNMP devices, two of them are affected by the authentication bypass issue.

Versions 1 and 2 of the SNMP protocol don’t have strong authentication to begin with. They provide either read-only or write access to a device’s configuration through passwords called community strings.

The StringBleed vulnerability is an Incorrect Access Control issue, remote attackers could exploit the issue to execute code on the vulnerable devices and gain “full read/write remote permissions using any string/integer value.”

“In few words, we discovered the following: you can use any value string or integer in order to authenticate the SNMP agent successfully in some specific devices, but the worse thing here is : you have full read/write remote permissions using any string/integer value.” said the researchers.